
PROXY: Restrict to specified addresses/hostnames

Daniel Oaks 2016-04-21 16:39:31 +10:00
parent 77bf7173ff
commit 8885f14f19
4 changed files with 54 additions and 36 deletions


@ -63,8 +63,7 @@ func (client *Client) run() {
// Set the hostname for this client. The client may later send a PROXY // Set the hostname for this client. The client may later send a PROXY
// command from stunnel that sets the hostname to something more accurate. // command from stunnel that sets the hostname to something more accurate.
client.send(NewProxyCommand(AddrLookupHostname( client.hostname = AddrLookupHostname(client.socket.conn.RemoteAddr())
client.socket.conn.RemoteAddr())))
for err == nil { for err == nil {
//TODO(dan): does this read sockets correctly and split lines properly? (think that ZNC bug that kept happening with mammon) //TODO(dan): does this read sockets correctly and split lines properly? (think that ZNC bug that kept happening with mammon)


@ -46,12 +46,13 @@ type Config struct {
Server struct { Server struct {
PassConfig PassConfig
Name string Name string
Database string Database string
Listen []string Listen []string
Wslisten string Wslisten string
Log string Log string
MOTD string MOTD string
ProxyAllowedFrom []string `yaml:"proxy-allowed-from"`
} }
SSLListener map[string]*SSLListenConfig SSLListener map[string]*SSLListenConfig


@ -26,21 +26,22 @@ type RegServerCommand interface {
} }
type Server struct { type Server struct {
channels ChannelNameMap channels ChannelNameMap
clients *ClientLookupSet clients *ClientLookupSet
commands chan Command commands chan Command
ctime time.Time ctime time.Time
db *sql.DB db *sql.DB
idle chan *Client idle chan *Client
motdLines []string motdLines []string
name Name name Name
newConns chan net.Conn newConns chan net.Conn
operators map[Name][]byte operators map[Name][]byte
password []byte password []byte
signals chan os.Signal signals chan os.Signal
whoWas *WhoWasList proxyAllowedFrom []string
theaters map[Name][]byte whoWas *WhoWasList
isupport *ISupportList theaters map[Name][]byte
isupport *ISupportList
} }
var ( var (
@ -50,18 +51,19 @@ var (
func NewServer(config *Config) *Server { func NewServer(config *Config) *Server {
server := &Server{ server := &Server{
channels: make(ChannelNameMap), channels: make(ChannelNameMap),
clients: NewClientLookupSet(), clients: NewClientLookupSet(),
commands: make(chan Command), commands: make(chan Command),
ctime: time.Now(), ctime: time.Now(),
db: OpenDB(config.Server.Database), db: OpenDB(config.Server.Database),
idle: make(chan *Client), idle: make(chan *Client),
name: NewName(config.Server.Name), name: NewName(config.Server.Name),
newConns: make(chan net.Conn), newConns: make(chan net.Conn),
operators: config.Operators(), operators: config.Operators(),
signals: make(chan os.Signal, len(SERVER_SIGNALS)), signals: make(chan os.Signal, len(SERVER_SIGNALS)),
whoWas: NewWhoWasList(100), proxyAllowedFrom: config.Server.ProxyAllowedFrom,
theaters: config.Theaters(), whoWas: NewWhoWasList(100),
theaters: config.Theaters(),
} }
// ensure that there is a minimum number of args specified for every command // ensure that there is a minimum number of args specified for every command
@ -369,7 +371,18 @@ func (msg *PassCommand) HandleRegServer(server *Server) {
} }
func (msg *ProxyCommand) HandleRegServer(server *Server) { func (msg *ProxyCommand) HandleRegServer(server *Server) {
msg.Client().hostname = msg.hostname client := msg.Client()
clientAddress := IPString(client.socket.conn.RemoteAddr()).String()
clientHostname := client.hostname.String()
for _, address := range server.proxyAllowedFrom {
if clientHostname == address || clientAddress == address {
client.hostname = msg.hostname
return
}
}
client.Quit("PROXY command is not usable from your address")
} }
func (msg *UserCommand) HandleRegServer(server *Server) { func (msg *UserCommand) HandleRegServer(server *Server) {
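Review bot: The allow check in `ProxyCommand.HandleRegServer` accepts a match on `clientHostname`, which is the value `run()` stored from `AddrLookupHostname(client.socket.conn.RemoteAddr())`. If that helper does a reverse DNS lookup (it is not shown on this page), the name comes from whoever controls the peer's PTR record and is not proof of origin. It would be safer to authorise on the socket address only, `if clientAddress == address {`, or to honour a hostname entry only after a forward lookup of that name returns the peer address. Recording the rejected peer address before `client.Quit(...)` would also make unexpected PROXY attempts visible to operators. The comparison is an exact string match, so a doc comment on the handler should state that CIDR ranges and differently formatted IPv6 literals in `proxy-allowed-from` will not match.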


@ -34,6 +34,11 @@ server:
# if you change the motd, you should move it to ircd.motd # if you change the motd, you should move it to ircd.motd
motd: oragono.motd motd: oragono.motd
# addresses/hostnames the PROXY command can be used from
proxy-allowed-from:
- "localhost"
- "127.0.0.1"
# ssl listeners # ssl listeners
ssllistener: ssllistener:
# listener on ":6697" # listener on ":6697"
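Review bot: The comment above `proxy-allowed-from` does not say how entries are matched or what an empty list means. From the handler in this commit, each entry is compared as an exact string with the peer's IP string and its looked-up hostname, and a peer matching nothing is disconnected, so an empty list turns PROXY off for everyone. I would extend the comment to something like `# exact match on the connecting IP or hostname (no CIDR/wildcards); empty list rejects all PROXY use; prefer IP literals`. Whether an IPv6 loopback peer matches either default entry depends on `IPString` and the resolver, which are not visible here.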